~ajmitch/sloecode/sloecode-debian

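#!/bin/sh
# Abort on the first failing command; the dbc_go call below opts out explicitly.
set -e

# For all DB types, have dbconfig-common render /etc/sloecode/database.ini
# from the template /etc/sloecode/dbtemplate.ini.
dbc_generate_include="template:/etc/sloecode/database.ini"
dbc_generate_include_args="-o template_infile=/etc/sloecode/dbtemplate.ini --ucf"
# NOTE(review): 644 makes the generated file world-readable. If dbtemplate.ini
# substitutes the database password (the template is not visible here), tighten
# this to 640 and set dbc_generate_include_owner to the account that must read it.
dbc_generate_include_perms="644"

# Load the debconf shell API (db_get, db_stop), then dbconfig-common's
# postinst hooks.
. /usr/share/debconf/confmodule
. /usr/share/dbconfig-common/dpkg/postinst
# "$@" is quoted so the script's arguments reach dbc_go without word splitting.
# Database setup is best-effort: a dbc_go failure is deliberately ignored so it
# does not abort the rest of this script under `set -e`.
dbc_go sloecode "$@" || true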
     
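# Finally, create the public/private key pair so we can start the smart server.
# The generator is a Python script written to a temporary file from the 'here'
# document below. mktemp replaces tempfile(1), which debianutils has deprecated.
OUTFILE=$(mktemp)
cat > "$OUTFILE" << 'EOF'
#!/usr/bin/python

"""
Generates a 2048-bit RSA key pair for the sloecode server. We could use
ssh-keygen for this, but it's not guaranteed to be installed, whereas
python-twisted.conch is.

Keys are only generated when neither the private nor the public key file
exists yet; the script takes no arguments.
"""
import getpass, os, socket
from os.path import dirname, exists
from os import system
from sys import argv

from twisted.conch.ssh import keys, common
from twisted.python import filepath, randbytes

from Crypto.PublicKey import RSA 

# 1024-bit RSA is no longer considered adequate for a long-lived server key;
# 2048 bits is the usual minimum. Existing key files are never regenerated,
# so this only affects installations that have no key yet.
KEY_LENGTH = 2048
FILE_PATH='/var/lib/sloecode/keys/sloecode_rsa'

if not exists(FILE_PATH) and not exists(FILE_PATH+'.pub'):
    key = RSA.generate(KEY_LENGTH, randbytes.secureRandom)

    keyObj = keys.Key(key)
    comment = '%s@%s' % (getpass.getuser(), socket.gethostname())

    # Restrict the umask before anything is written: setContent() creates the
    # file before the chmod below runs, so the private key could otherwise
    # exist briefly with whatever permissions the inherited umask allows.
    os.umask(0077)

    # Pass a password string as the second argument to toString() below to set
    # a key password. With None the private key is stored unencrypted, so the
    # file mode is its only protection.
    # NOTE(review): the files are owned by whichever account runs this script;
    # confirm the server account can still read the private key.
    filepath.FilePath(FILE_PATH).setContent(keyObj.toString('openssh', None))
    os.chmod(FILE_PATH, 0600)

    # The public half is not secret; the explicit chmod widens it again after
    # the restrictive umask above.
    filepath.FilePath(FILE_PATH + '.pub').setContent(
        keyObj.public().toString('openssh', comment))
    os.chmod(FILE_PATH+'.pub', 0644)
EOF

# Always remove the temporary script, then pass on the generator's exit status
# so a failed key generation still aborts the script as it did before.
keygen_status=0
python "$OUTFILE" || keygen_status=$?
rm -f "$OUTFILE"
[ "$keygen_status" -eq 0 ] || exit "$keygen_status"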


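# get user & group config parameters:
db_get sloecode/run_as_user
SC_USER=$RET

# A separate run_as_group question is not used; the user name doubles as the
# group name everywhere below.
#db_get sloecode/run_as_group
#SC_GROUP=$RET

# The name is interpolated into sed expressions and chown arguments below, so
# refuse a value that is empty, starts with '-' (it would parse as an option)
# or contains anything outside a conservative account-name character set
# ('/', '&' and '\' would otherwise change the meaning of the sed replacement).
case "$SC_USER" in
    ''|-*|*[!A-Za-z0-9._-]*)
        echo "sloecode: invalid run_as_user value '$SC_USER'" >&2
        exit 1
        ;;
esac

# add the system account if it does not exist yet:
# NOTE(review): the chown calls and the Apache config below assume a group with
# the same name as the user exists; useradd only creates one when user-private
# groups are enabled (USERGROUPS_ENAB in login.defs) -- confirm on the target.
if ! getent passwd "$SC_USER" >/dev/null; then
    useradd -r "$SC_USER"
    #groupadd -r "$SC_GROUP"
fi

# modify apache config file appropriately (user and group placeholders both
# receive the user name):
sed -i \
    -e "s/SLOECODE_USER/${SC_USER}/" \
    -e "s/SLOECODE_GROUP/${SC_USER}/" \
    /etc/apache2/sites-available/sloecode

# change ownership of bazaar staging area; ':' is the supported user:group
# separator, the older '.' form is ambiguous for names containing a dot:
chown -R "$SC_USER:$SC_USER" /srv/sloecode
# and the pylons sloecode cache directory:
chown -R "$SC_USER:$SC_USER" /var/cache/pylons-sloecode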

# run any auto-generated debhelper commands:
# this will start the sloecode servers (and maybe do other things as well)
# The marker on the next line must stay exactly as written so that the
# generated commands are substituted for it.
#DEBHELPER#

# the twistd app leaves at least one file descriptor open, which causes the
# debconf front-end to hang, so the debconf session has to be ended manually:
db_stop